CVE-2023-35841

Summary

Exposed IOCTL with Insufficient Access Control in Phoenix WinFlash Driver on Windows allows Privilege Escalation which allows for modification of system firmware.This issue affects WinFlash Driver: before 4.5.0.0.

Affected Software

VendorProductVersion RangeStatus
PhoenixWinFlash Driver0 < 4.5.0.0affected

Weaknesses

  • CWE-732: CWE-732 Incorrect Permission Assignment for Critical Resource
  • CWE-782: CWE-782 Exposed IOCTL with Insufficient Access Control

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

CVE Program Container

Additional References

References